SecurityEngineering/MeetingNotes/07-11-13

From MozillaWiki

Standing Agenda

  • Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/06-27-13

Agenda 07-11-13

Q2 Goals Postmortem

  • [MISS] Land classic cert validation replacement, off by default (bsmith). Builds on all platforms, same revocation as classic, pending tests for edge case certificates (certificate usages & chain building).
    • big problem came down to reviews.
      • cviecco trusted bsmith not to make horrible mistakes, which in itself was a mistake.
      • not enough communication (mostly bsmith's fault).
    • "real goal" is turning everything on this quarter, and that's looking good.
    • "meeting the (artificial) goal" could have been done if there had been more focus on that, rather than on the important work that underpins other stuff. Maybe this was not a good goal in the first place.
    • https://bugzilla.mozilla.org/show_bug.cgi?id=878932
  • [DONE] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
    • Documentation people were supportive and did a lot of work
    • As long as you stay on top of it and contact them early, it's easily manageable in a quarter
  • [DROP] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
  • [MISS] Deploy pilot cookie study and publish results. (ddahl)
    • Pretty much done... but never got the data. "Strange" communication problem with the metrics team. ddahl blames himself. Everything else is ready for when the data finally appears.


Big Trends:

  • Communication
  • Reviews
  • Q3 - for our Q3 goals we tried to figure out what other teams need to be involved. We can update the team dependencies on our Q3 goals next week.